Every day I experience life in the world of healthcare IT, supporting 3000 doctors, 18000 faculty, and 3 million patients. In this blog I record my experiences with infrastructure, applications, policies, management, and governance as well as muse on such topics as reducing our carbon footprint, standardizing data in healthcare, and living life to its fullest.

Friday, November 16, 2007

Our Secure email strategy

Here's the third in my series on providing secure, spam-free, virus-free email to 25,000 users.

Regular email that travels over the internet is completely insecure. It's about the same as sending a postcard, since any server administrator or network expert could intercept and read mail as it goes from sender to receiver.

For healthcare email, especially messages containing protected health information (PHI), secure email between organizations is a best practice consistent with the spirit of HIPAA. Over the past 5 years, many organizations in the Massachusetts healthcare community have implemented secure email for all traffic between organizations.

We started the process in 2002 by working with leading vendors of messaging systems to harmonize the standards used to send email. We used the Internet Engineering Task Force's (IETF) Request for Comments (RFC) process to complete the specifications for S/MIME Gateways. Since that time, another approach called Open Pretty Good Privacy (OpenPGP) has also become popular in the messaging market. A comparison of these two standards is here.

Today, Beth Israel Deaconess Medical Center, Children's Hospital, Tufts Health Plan, Harvard Pilgrim Health Plan, and the Division of Medical Assistance (Medicaid) are using gateways that support S/MIME and OpenPGP. Here's how it works. Someone at BIDMC sends an email from a web browser or their email program and it passes into our Microsoft Exchange email server. Between Exchange and the internet, we've inserted the Tumbleweed Secure Messenger. It has a list of all our business partners with secure email systems. If an email is sent to one of these partners, the email is encrypted and sent to the recipient's secure email gateway. Other emails are sent insecurely via the regular internet methods. We are also piloting content filtering systems that identify insecure emails containing credit card data or patient identifiers so we can quarantine those before they are sent over the public internet.
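The gateway decision described above, sketched as an added example (this is not BIDMC's or Tumbleweed's code). The partner domains, the "MRN" identifier pattern, and the per-recipient handling are assumptions made for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

# Hypothetical partner list: domains whose gateways accept encrypted mail.
SECURE_PARTNER_DOMAINS = {"partner-hospital.example", "health-plan.example"}
# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
# Assumed patient-identifier format: "MRN" followed by 7-10 digits.
MRN_RE = re.compile(r"\bMRN[:#\s]*\d{7,10}\b", re.IGNORECASE)

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def sensitive_findings(text):
    """Return the kinds of sensitive data the content filter sees in text."""
    findings = []
    cards = [re.sub(r"\D", "", m.group()) for m in CARD_RE.finditer(text)]
    if any(13 <= len(c) <= 19 and luhn_ok(c) for c in cards):
        findings.append("card_number")
    if MRN_RE.search(text):
        findings.append("patient_identifier")
    return findings

def route(msg):
    """Map each recipient to 'encrypt', 'quarantine' or 'send_plain'."""
    findings = sensitive_findings(msg.get_content())
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    decisions = {}
    for _, addr in getaddresses(headers):
        domain = addr.rpartition("@")[2].lower()
        if domain in SECURE_PARTNER_DOMAINS:
            decisions[addr] = "encrypt"      # gateway-to-gateway encryption
        elif findings:
            decisions[addr] = "quarantine"   # sensitive data, insecure path
        else:
            decisions[addr] = "send_plain"   # regular internet delivery
    return decisions

def make_msg(to, body):
    """Build a constructed plain-text sample message."""
    msg = EmailMessage()
    msg["To"] = to
    msg.set_content(body)
    return msg
```
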

The best feature about this secure email approach is that users do not even know we have it in place. Security is organization to organization, not person to person, so no special email clients or digital certificates are needed. It's seamless, effective and low cost.

As you can tell from my last three posts, supporting spam-free, virus-free email is a major undertaking.